Exchange 2010 CAS server in NLB reboot forces some users to re-authenticate

Similar Messages

• First 2010 CAS server OWA not working

  I have an exchange 2007 organization that we're migrating to 2010. We installed our first 2010 CAS server. When trying to access OWA on this new 2010 CAS server, I see the following error in a browser:
  A server configuration change is temporarily preventing access to your account.  Please close all Internet Explorer windows and try again in a few minutes.  If the problem continues, contract your helpdesk.
  Can someone explain to me why this is not working?
  Thanks,
  Ryan

  Hi,
  Based on the description, Exchange 2007 user could not access OWA on Exchange 2010 CAS server. Please check if you could open OWA page using the local host url on the Exchange 2010 server.
  https://localhost/owa
  Please check the external url and internal url settings on both the Exchange 2007 and Exchange 2010 server to see if they are configured correctly. For more details about Internal URL and External URL for OWA, you can refer to the following article.
  View or Configure Outlook Web App Virtual Directories
  http://technet.microsoft.com/en-us/library/dd298140(v=exchg.141).aspx
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• Staging the NLB cluster Static port change of Exchange 2010 CAS or do it all in one day ?

  Folks,
  Here is the server deployment in my AD domain:
  Email flow and Outlook client connection go through the NLB cluster VIP email.domain.com.au which is served by the following server:
  PRODHT-CAS01 (HT-CAS Server Windows NLB node 1)
  PRODHT-CAS02 (HT-CAS Server Windows NLB node 2)
  Public Folder access through Outlook client goes through the following servers:
  PRODMBX01 (Stand-alone Mailbox Server 1) no DAG
  PRODMBX02 (Stand-alone Mailbox Server 2) no DAG
  Can I make the changes first on the first stack of Exchange Server set as below first:
  PRODHT-CAS01 (HT-CAS Server NLB node 1)
  PRODMBX01 (Stand-alone Mailbox Server 1) no DAG
  in order to test the Outlook email & Public Folder connectivity in the first week and then followed by the rest of the server set:
  PRODHT-CAS02 (HT-CAS Server NLB node 2)
  PRODMBX02 (Stand-alone Mailbox Server 2) no DAG
  would that cause the NLB or user email access problem?
  Do I have to make the changes all in one day for those four servers followed by the reboot?
  Reason of changing: The hardware load balancer (Riverbed) requires to have static RPC port to work properly.
  This is the article to change the Static port in my NLB cluster Exchange HT-CAS server role on Exchange Server 2010 SP2: http://social.technet.microsoft.com/wiki/contents/articles/864.configure-static-rpc-ports-on-an-exchange-2010-client-access-server.aspx
  Thanks in advance.
  /* Server Support Specialist */

  All the servers behind the load balancer must be the same.
  You can change the stand alone MBX server's RCA port as that traffic is not load balanced.
  Changing Exchange is straight forward, just be careful to enter the registry keys correctly and then check AB and RCA is listening on the new static ports after you restart the services.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
  Rhoderick,
  Many thanks for the suggestion. My goal here is to minimize any impact / email service downtime to the user while configuring the static ports.
  1. Do I have to dissolve the Windows NLB cluster after the static port configuration on both HT-CAS servers or can I still keep the NLB cluster?
  2. "All the servers behind the load balancer must be the same." Do you mean do I have to do the static RPC port the same day for all server set ?
  /* Server Support Specialist */

• Exchange 2013 CAS server connection to Exchange 2010 Mailbox server

  Hi Guys,
  I have a quick question i am planning to upgrade my infra from Exchange 2010 to Exchange 2013 and i have come across a small question, my infra looks likes below
  3 Exchange server (CAS+ HT + MBX roles) Exchange 2010
  1 Exchange server MBX role For journlaing Exchange 2010
  1 CAS for internet owa access Exchange 2010
  Now i will be  installing exchange 2013 CAS on 2 box and MBX on 3 box 
  will decomm the 3 exchange box which has (CAS+ HT + MBX roles) and 1 CAS which we use for owa access.
  will keep the Journaling server as it is will not be decomming it as of now.
  My question is is will i be able to connect to the journaling mailbox's which are hosted on exchange 2010 journaling server without actually having any 2010 cas server, will exchange 2013 cas directly help me to connect to the journal mailbox or would i need
  to add CAS role on Exchange 2010 journaling server and enable outlook anywhere configure the directories with the url's to make it working.
  Please suggest on the same.
  BR/Deepak

  Hi TheLearner,
  Thank you for your question.
  Exchange 2013 didn’t connect to the journal mailbox directly when we access it by outlook/OWA. The journal mailbox will connect the former Exchange 2010 CAS. Or we could migrate Journaling mailbox to Exchange 2013. Because Exchange 2010  could communicate
  with Exchange 2010 by RPC, but Exchange 2013 could communicate with Exchange 2013 by HTTPS.
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Is it supported to connect Exchange 2013 Mailbox using Exchange 2010 CAS in Co-existence?

  Hi Team,
  I am in the phase of upgrading Exchange 2010 to 2013, and introduced 4 MBX and 2 CAS of 2013 servers in co-existence.
  Only one production mailbox of 2010 moved to 2013. The owa of the mailbox moved to 2013, is working OK internally coz only internally configured, but when I configure outlook using 2010 settings, it got configured but when I open outlook it doesn't
  open and throws an error of some "cannot open set of folders".
  Is it supported to connect Exchange 2013 Mailbox using Exchange 2010 CAS in Co-existence? because I havnt configured 2013 CAS servers yet.
  Kindly share some KB or tip. Any help is appreciated. Thank You.
  Muhammad Nadeem Ahmed Sr System Support Engineer Premier Systems (Pvt) Ltd T. +9221-2429051 Ext-226 F. +9221-2428777 M. +92300-8262627 Web. www.premier.com.pk

  I'll change Adam's wording slightly - you *MUST* install a CAS 13 server into every site where there is a MBX 13 server.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Catalyst SLB - Exchange 2010 CAS RPC

  Hi.
  We're currently testing out SLB for load balancing a pair of Exchange 2010 CAS servers.  The config seems straightforward enough for single port services like 'Outlook Anywhere' or 'Outlook Web Access' (all on https).
  Does anyone have real life experience with getting straight MAPI Outlook load balancing to work?  According to Microsoft, there's only 3 ports to be concerned with - endpoint mapper, rpc.clientaccess, and address.book.  I've got the latter two set for static across both of these servers, and have 3 appropriate vservers in place pointing to the serverfarm, but a capture shows the process getting hung up on tcp135.  It's as if whatever server the endpoint request is landing on doesn't know what to do with the request.
  Thanks in advance for any replies.

  Hello Jay!
  Take a look at this doc:
  http://www.cisco.com/en/US/docs/solutions/Verticals/mstdcmsftex.html#wp609677
  RPC requires source ip sticky in order to operate correctly through a loadbalancer.  In the doc, they also walk through doing RPC over http/https - however, I have seen configurations where ACE is not L5-L7 that use RPC on port 135 as a L4 rule with sticky and it appears to work ok.
  Regards,
  Chris Higgins

• Exchange 2013 EAC will not run with Exchange 2010 CAS\HT servers shut down.

  Hi Folks,
  A little background - We have just migrated all our user mailboxes and public folders to Office 365 using a hybrid configuration. Now that the migration is essentially finished, I'd like to decommission our on-prem Exchange infrastructure and remove the
  hybrid config. We are using dirsync with password sync to replicate our AD to the cloud.
  I've read that even if you remove your hybrid configuration, it's a good idea to keep one on-prem Exchange server around so you can edit Exchange attribs (such as email addresses) in a supported manner, rather than using ASDI edit, etc.
  To this end, I installed a single Exchange 2013 CA\MBX server. After installation, the EAC worked fine, and I was able to view our on-prem users, groups, etc. Last week, I shut down our two Exchange 2010 CAS\HT servers as a test to see if anything broke
  prior to decommissioning them (these were the hybrid servers as well). After doing so, the Exchange 2013 EAC no longer works for some reason, and behaves in a very bizarre fashion. About once every 20 times or so, it will actually start and run. The other
  times, it just has you enter your creds, then generates an HTTP 500 internal server error after entering them. It seems to make no difference if you attempt to access it by the fqdn, hostname, or localhost right on the box itself. Same behavior on Chrome or
  IE.
  Today as a test, I started up one of the 2010 CAS servers and lo and behold, the 2013 EAC ran without difficulty again. Any idea why this might be so? Thanks for any help,
  Ian

  Hi,
  From your description, I recommend you use the following URL to check if you can access EAC. I see it works for several people about this issue.
  https://<Exchange 2013 CAS FQDN>/ecp?ExchClientVer=15
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• Exchange 2013 CAS functionality in coexistence with Exchange 2010 CAS

  Hi,
  I am planning to migrate Exchange 2010 to Exchange 2013 for 15000 users. We have a pool of 6 CAS 2010 servers added in a single CAS array. So my question is if we introduce a new CAS 2013 server in same site then will it affect CAS traffic anyway ? If we
  point our HLB to all CAS servers including CAS 2010 and CAS 2013 so will the CAS 2010 servers wil take traffic or is it only CAS 2013 servers who will take traffic. We will be putting same URLs in CAS 2013 same as CAS 2010. I have read lot of MS articles and
  all say that CAS 2013 should be enabled for CAS traffic and it will proxy request to CAS 2010. But I am not sure if we will face any CAS traffic issue whenever we will introduce CAS 2013 servers in same site and traffic will be pointed to CAS 2010 and CAS
  2013 both. Is it possible to add CAS 2013 in Exchange 2010 CAS array ? Please guide. Thanks in advance.

  For mailbox that exist on Exchange 2010, EXCH2013 CAS will proxy the request to an Exchange 2010 Client Access servers that exists within the mailbox’s local site.
  For mailboxes that exist on Exchange 2013, EXCH2013 CAS will proxy the request to the Exchange 2013 Mailbox server that is hosting the active copy of the user’s mailbox which will generate the Autodiscover response.
  -->Is it possible to add CAS 2013 in Exchange 2010 CAS array ? 
  No. CAS Array is no longer exits in Exchange 2013. But concept of a single namespace for Outlook connectivity remains. Please check this and this. In
  your case you dont need to worry as you have a HLB in place it will do the job
  When a new exchange2013 is deployed Outlook Anywhere has been enabled on all Client Access servers within the infrastructure and the mail.contoso.com and autodiscover.contoso.com namespaces have been moved to resolve to Exchange 2013 Client Access server
  infrastructure. In your case it is pointed to both as you have a load balancer in place but the same URL should be configured in exch2013
  Make sure you have exchange2010-SP3  minimum as it is the prerequisite requirement for upgarding EXCh2010 to 2013. 
  Please check the exchange server deployment assistant
  tool for moving mailboxes
  After moving a mailbox check the URLs. Configure autodiscover,EWS,OAB URLs on exchange2013. Please check this as
  well for checking URLs.
  I hope you know MAPI/RPC (RPC over TCP) traffic is now replaced with RPC over HTTP/s instead in exch2013. 
  Thanks
  MAS
  Please don't forget to mark an answer if it answers your question or mark as helpful if it helps

• Best practice SSL End-to-End in Exchange 2010 CAS loadbalancing

  Hi,
  I was wondering if there is a best practice for deploying SSL End-to-End in Exchange 2010 CAS loadbalancing.
  We have ACE modules A5(1.1) and ANM 5.1(0), although there seems to be a template available in ANM it doesn't work. It throws a error when deploying, i believe the template is corrupt.
  As I am undersome pressure to deploy this asap I am looking for a sample config. I found one for SSL offloading, but I need one for End-to-End SSL.
  Thanks in advance,
  Dion

  Hi Dion,
  You can open up a case with TAC to have that template reviewed and confirm if the problem is at the ACE or ANM side.
  In the meantime here is a nice example for End-To-End SSL that can help you to get that working:
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
  For CAS load balancing there's nothing special other than opening the right ports, I'd advise you to get SSL working first and take it from there, if any problem comes up you can post it here and we'll give you a hand.
  HTH
  Pablo

• When i open EMC on 2010 cas server i get "the system load quota of 1000 requests per 2 seconds has been exceeded"

  when i open EMC on 2010 cas server i get "the system load quota of 1000 requests per 2 seconds has been exceeded"
  and it wont load

  when i open EMC on 2010 cas server i get "the system load quota of 1000 requests per 2 seconds has been exceeded"
  and it wont load
  Close EMC and Powershell and run iisreset.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• My macbook air cannot sync with my office microsoft exchange 2010 mail server

  My macbook air cannot sync with my office microsoft exchange 2010 mail server.
  It used to work perfectly, and then I lost connection and was never able to establish one. I re-istalled my e-mail account several times, no success.

  I am sure all of you got your email issues sorted out by now but i was having trouble settings up exchange email on my Iphone 5S, and the problem i found was to go to settings, icloud, then log into icloud with your apple id first (before setting up the exchange email).  Once i logged into my icloud account on my Phone 5S, the exchange server email starting working and synching right away.
  to confirm this worked, i even deleted my email account and deleted my Icloud accounts both from my iphone was able to simulated the same exact problem (exchange server would not sync with my Iphone 5S) until i logged back into my Icloud account on my 5S.
  Again once i logged into Icloud, the exchange server issues went completely away.
  Just wanted to post this so anyone else having the issue could see.

• EXCHANGE 2010 - Edge server with forefront FULL OF SPAM

  Hi there.
  We have recieved on Exchange 2010 EDGE server a lot of spam 200k messages in queue.
  We have stoped inboud SMTP traffic on firewall to stop the attack.
  Any suggestion how to empty the queue? I've heard there is a way to rename the "Exchange queue folder" but forget the procedure.
  How to stop the attacker?
  bostjanc

  Hi There,
  Use the KB below to find the Queue DB, then stop the service listed In the KB, rename the old DB and create a new one with the same name, than start the Service.
  http://www.ntweekly.com/?p=653
  Exchange Blog:
  www.ntweekly.com
  MCSA, MCSE, MCITP:SA, MCITP:EA, MCITP:Enterprise Messaging Administrator 2010,MCTS:Virtualization

• How do I know which update rollup is installed on my exchange 2010 sp3 server ?

  how do I know which update rollup version is installed on my exchange 2010 sp3 server ?
  Anand_N

  And take a peek here:
  http://blogs.technet.com/b/rmilne/archive/2013/10/29/how-to-check-exchange-2010-ru-version.aspx
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Outlook client in different subnet unable to connect to Exchange 2010 CAS using Windows 2008 R2 NLB multicast mode

  Hi all,
  need urgent assistance on the following issue
  this is my Exchange 2010 setup
  2 x CAS/Hub servers with HP network teaming, and load balanced using Windows NLB multicast mode. There are 2 VIPs on the NLB, one for outlook anywhere, one for autodiscover
  2 DNS records were created for the 2 VIPs
  Clients use Outlook Anywhere (HTTPS) to connect to the CAS servers from external segment via a Palo Alto firewall, which also acts as a layer 3 router
  static arp was set on the Palo Alto firewall, with both virtual MACs pointing to the primary virtual MAC used by the NLB. 
  Observations
  1. within same segment - no issue accessing Exchange servers, even when one CAS node is offline
  2. external segment (via firewall)
  a. when both nodes are up
  outlook client able to connect to Exchange CAS VIP on 443, but will disconnect after around 30 seconds. Client will retry and the pattern will repeat
  Exchange CAS RPC logs shows client connections and disconnections to the outlook anywhere VIP address
  Firewall logs shows allowed traffic from client to the VIPs
  unable to complete profile creation
  b. with only CAS2 (CAS1 stopped/deleted from NLB cluster)
  no issues accessing Exchange servers, creating profiles etc
  c. with only CAS1
  same behaviour as (a)
  reinstalled NLB, but doesn't resolve
  deleted CAS1 from NLB cluster, and re-add. issue remain
  Q1. is teaming supported? Teaming is currently set to automatic mode, instead of specified Fault Tolerant
  Q2. are there additional settings we need to set or verify on the Palo Alto firewall, since the issue only happen to external segment? Thanks!

  Yes - I've been scarred with this for many years :(
  If it is just CAS 1 that is causing issues, then focus in on that.  The support statement for Win 2008 R2 is that NLB is still a 3rd party component and support may ask for it to be disabled.
  http://support.microsoft.com/kb/278431 
  Does CAS1 and CAS2 have the same NICs (firmware as well), driver, teaming software, and teaming config? 
  I also want to ask what the network team did for configuring the switch ports on the servers?  This will vary from vendor to vendor  - did they do the same config on both?
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
  Thanks Rhoderick, issue still persists
  can you also help clarify what you meant by "configuring the switch ports on the servers"?
  thanks again

• ECP Page not loading after installing SP3 on Exchange 2010 CAS&HUB Server

  I have installed SP3 on my Exchange CAS Server after that OWA was not working, hence I have reset owa, ecp,ews,oab, autodiscover & active sync virtual directory from EMC. After that OWA is started working.
  But While accessing ECP , content is not loading properly. I have reset virtual directory of ecp 2 times but problem is still same. 
  Kashi

  Did you tested different browser?
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.